Opencart

Opencart

43 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2020-10596

Exploit
  • EPSS 1.25%
  • Veröffentlicht 17.03.2020 15:15:14
  • Zuletzt bearbeitet 21.11.2024 04:55:40

OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section.

4.8

CVE-2019-15081

Exploit
  • EPSS 0.17%
  • Veröffentlicht 15.08.2019 15:15:15
  • Zuletzt bearbeitet 21.11.2024 04:28:00

OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages.

8.8

CVE-2018-13067

Exploit
  • EPSS 0.53%
  • Veröffentlicht 02.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:46:20

/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password.

4.9

CVE-2018-11495

Exploit
  • EPSS 0.53%
  • Veröffentlicht 26.05.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:29

OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php.

8

CVE-2018-11494

Exploit
  • EPSS 0.37%
  • Veröffentlicht 26.05.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:29

The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a s...

9.8

CVE-2014-3990

Exploit
  • EPSS 10.96%
  • Veröffentlicht 20.03.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 02:09:17

The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via...

7.2

CVE-2016-10509

Exploit
  • EPSS 0.51%
  • Veröffentlicht 31.08.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_...

6.1

CVE-2015-4671

Exploit
  • EPSS 0.26%
  • Veröffentlicht 12.01.2016 19:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the zone_id parameter to index.php.

5

CVE-2011-3763

Exploit
  • EPSS 1.12%
  • Veröffentlicht 24.09.2011 00:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

OpenCart 1.4.9.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/startup.php and certain other files.

6.8

CVE-2010-1610

  • EPSS 0.16%
  • Veröffentlicht 29.04.2010 19:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote attackers to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route par...